Maybe the most experienced recall it. There was a time when few knew what DSL was, but if you looked for it you could read incredible stories about wireless internet networks installed in companies around the us, most of which were open or so weakly cyphered that could be easily broken . There were even wardrivers, that is, people that armed with a laptop and a wifi card would drive registering the places were a wifi network was located. Thus, first weak wifis widespreaded and later new versions presumably more secured appeared and were broken. All in all, a technology sold several times is great market logic but terrible for our security.

Although nowadays I can’t help noticing the resemblance between what happened to wifi and what is happening to rfid: new vulnerable products are released which information can be read and duplicated, and when it’ll be widespreaded enough and some had dropped their jaw, newer supposedly more secure versions will be launched that will have to be bought again. Indeed, the insecurity of rfid has already been proved and there’s even people driving their car with a laptop and an antenna reading the information stored in, for example, passports. So, the matter is more serious than it seems: firstly because there’s already a lot of people that use rfid being unaware of it, citizens that carry cards or transmitter (and consequently more information publicly available); and secondly because the authorities have chosen to use it knowing that’s vulnerable either playing it down or refusing to comment on it.

Now, one has to be really naive or be utterly bribed to expose the privacy of every citizen, neighbor, friend, relative and even his own. That, added to the fact that the use of material to avoid certain attacks is restricted in some countries (although they’ve been using it for decades) makes me wonder that we should convert in Faraday cages every single home, car, pocket and wallet.
Because this technologies can allow halting partially or entirely those networks were are introduced without even having physical access to their servers: think what could happen if someone in a big city and with the right antenna decided to collect all the identifications of the transport cards and, the next day, send them massively against the cancellation machines.
And what could happen if the identifications collected are those of electric locks?.

faltantornillos.net